Frequently Asked Questions
About NHSN Security
What has to be installed on workstations ("Active-X
or Java Controls")?
Neither. The NHSN was developed using Java J2EE on the server side and HTML
and Java Script on the client browser. The NHSN does not use Active-X or
Java Controls.
Top
Why does the system/computer need 500 MB of disk space?
At least 500 MB of disk space is recommend in order to save user files
such as reports, exported data, PDF files, etc. We also envision in the future
the development of multimedia training materials that may be downloaded.
Top
What ports need to be opened to allow the system to work?
HTTP port 80
Top
What security controls are present?
CDC Secure Data Network (SDN) requires use of a secure 128-bit encryption
digital certificate for authentication into the National Healthcare Safety
Network.
Top
Is patient name a required field?
No. Patient name is only included for the healthcare facility’s benefit.
It allows a facility to identify individual patients. This information is
stored in the database at CDC but not used in any CDC analysis. The only
required patient identity fields are Patient ID #, Gender, and Date of Birth.
Top
What electronic import interfaces are supported (e.g., HL7)?
Currently, the NHSN only accepts comma separated value (CSV) files for the importation of procedure data, surgeon data, and patient demographic data. Healthcare worker demographic data will be imported in the same manner in future releases. Electronic messaging using HL7 3.x messages is under construction for antimicrobial use and resistance data, but is not yet available.
Top
Are all processor-intensive functions handled on the server side vs.
the client side (data analysis, reporting, etc.)?
Yes, all data analysis and reporting is handled on the server side by SAS
Intranetware.
Top
Will there be audit logs generated for each log in? (i.e., who logged in,
when, how many times, etc.)
Yes, CDC Secure Data Network logs user authentication into the NHSN system.
Top
Will
the Facility Administrator have access to the audit logs for the purposes
of monitoring login activity?
No, but if a security breach is suspected we can request access to the audit
logs from the CDC Secure Data Network group.
Top
What security risk assessments has the NHSN undergone?
The NHSN has undergone and passed an extensive Certification and Accreditation
(C&A) security risk assessment required for federal IT systems. The NHSN
software has been scanned for software vulnerabilities and has passed. New
releases of the software will be scanned if new content affects the security
posture of the system.
Top
Can previously uploaded data be downloaded?
Data manually entered or imported into the NHSN can be downloaded at any
time by the facility. A variety of popular file formats are available for
storage of these data (e.g., Excel, dbase).
Top
Are the NHSN data backed up? If so, how and how often?
Yes. Data from the NHSN are stored in SQL databases and an incremental nightly
back up is performed, at minimum, each night. The back ups, log, incremental
and full are stored on a separate disk/server. The back up files are in turn
backed up to tape on a nightly basis and ultimately stored off site. Weeks
worth of back ups are maintained. We have a number of SQL servers available
to use should one fail.
Top
Centers for Disease Control and Prevention, 1600 Clifton Rd, Atlanta, GA 30333, U.S.A
